Preventing form resubmission

Question

Page one contains an HTML form. Page two - the code that handles the submitted data.

The form in page one gets submitted. The browser gets redirected to page two. P

Answer 1

There are two parts to the answer:

1. Ensure duplicate posts don't mess with your data on the server side. To do this, embed a unique identifier in the post so that you can reject subsequent requests server side. This pattern is called Idempotent Receiver in messaging terms.

2. Ensure the user isn't bothered by the possibility of duplicate submits by both

   • redirecting to a GET after the POST (POST redirect GET pattern)
   • disabling the button using javascript

Nothing you do under 2. will totally prevent duplicate submits. People can click very fast and hackers can post anyway. You always need 1. if you want to be absolutely sure there are no duplicates.